Bitcoin Forum
Author Topic: Security bounties  (Read 122902 times)
Globb0
April 22, 2018, 03:09:05 PM
 #61

Oh look 2 post copying robots in a row


krishnaverma
June 16, 2018, 11:05:23 AM
 #62

Admin, I have a question regarding this: 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.

If I am able to confirm the email from among different possible email IDs for an account, is it acceptable? Like confirming the email ID of DefaultTrust from among 100 possible mail IDs.
theymos
Administrator
June 19, 2018, 06:53:27 PM
 #63

> Admin, I have a question regarding this: 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.
>
> If I am able to confirm the email from among different possible email IDs for an account, is it acceptable? Like confirming the email ID of DefaultTrust from among 100 possible mail IDs.

No, if you have someone's email address then there are several known ways of finding their username. I don't consider this a bug.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
STSToken
July 09, 2018, 12:19:27 PM
 #64

Are there any plans to increase the bounty awards?
ridertiger
July 10, 2018, 01:50:28 PM
 #65

https://bitcointalk.org/ is a copycat and one time I almost entered my password there. Good thing I did not, but is there anything anyone can do about that site?
simonova
July 13, 2018, 03:44:18 PM
Merited by malevolent (3)
 #66

> Are there any plans to increase the bounty awards?

Will you submit the bug only if the bounty reward is increased? Share with the admin and he will compensate accordingly. Also, the current rewards are very much in accordance with standard payouts given by reputed websites. The admin mentioned this somewhere in this thread.
arhipova
July 20, 2018, 08:09:26 AM
 #67

> Bullshit offer.
> If you are sincere in solving any security breach, you should seek paid professionals.

All big companies like FB, Google take the same route even after they have paid professionals hired full time for this work. Users can be the best judge especially for new features.
krishnaverma
July 21, 2018, 12:31:48 PM
 #68

> https://bitcointalk.org/ is a copycat and one time I almost entered my password there. Good thing I did not, but is there anything anyone can do about that site?

There are settings in different browsers to block certain websites completely.

You will have to follow a tutorial online for the specific browser you are using.

If by doing something about it, you meant that you would like to get that website down, that is a very long route.
yakovs
July 22, 2018, 06:25:55 AM
 #69

> If it would not violate anonymity of individual security researchers, could you post statistics as to how many bugs in each category have been reported and fixed?
>
> Just yours so far. (A CSRF.)

And what about current stats?
theymos
Administrator
July 22, 2018, 10:24:23 PM
 #70

> And what about current stats?

Doing a quick count, it looks like a total of about 11.4 XAU has been paid in security bounties since inception.

Mpamaegbu
September 11, 2018, 11:51:44 AM
 #71

> https:// bitcointalk.org/ is a copycat and one time I almost entered my password there. Good thing I did not, but is there anything anyone can do about that site?

If you truly feel that site is a phishing one, why not deactivate the link so no one mistakenly falls prey to it? But I seem not to see anything different from that site as it is the same with our BTT in spelling and all that.


cescudero95
September 13, 2018, 12:35:31 AM
 #72

> And what about current stats?
>
> Doing a quick count, it looks like a total of about 11.4 XAU has been paid in security bounties since inception.

Sorry, but what is XAU exactly?

theymos
Administrator
September 13, 2018, 04:28:36 AM
 #73

> Sorry, but what is XAU exactly?

Troy ounces of gold.

STT
July 19, 2019, 04:12:44 AM
 #74

I will speak to someone next week who does this vulnerability testing professionally. Maybe he will tip me if he has a trick from work and manages to do anything :p

> Are there any plans to increase the bounty awards?

They increase every day so long as the gold price does.

> Sorry, but what is XAU exactly?

https://www.xe.com/currencycharts/?from=XAU&to=USD&view=10Y

XAG is silver

https://www.xe.com/iso4217.php#X

> Is there a particular reason why amounts are in Troy ounces of gold? I know the US is running a risk of default, but I do not see the dollar devaluing so much as to justify using Gold as a "stable" currency.

The forum is internationally based could be one point but mostly I think of Dollar as the pre-Nixon standard of being fixed to gold hence it's always reasonable to offer gold long term especially to an international audience. If I have no liabilities in dollars then the gold could be preferable, dollars do depreciate over time and this topic is years old. Honestly everyone should keep a little gold, maybe I'm biased or maybe people forgot +10% interest rates, etc. I haven't.

Security Engineer
August 29, 2019, 11:17:33 PM
Last edit: August 30, 2019, 02:13:00 PM by mprep
 #75

Hello theymos.

I quote here two posts regarding BitcoinTalk's security and I hope you will do what I recommended.

@theymos If I were you I would remove Google reCaptcha before a DoS hits your main server! The sitekey my boy, the sitekey... I also did some research around the SSL certificates you got from Sectigo... Later I will contact you when I have decided what to do with all this.

You don't want to keep that Google reCaptcha there mainly not only because I was able to identify your server behind cloud but you don't need that at all! Before the cloud it was useful but now you can use just one captcha... better for you.

Quick tips for mitigation: Remove Google reCaptcha and implement Argo Tunnel

administrator of this forum without any knowledge of programming. I have read his post from the very first one and nothing indicates he had any knowledge of programming.
Bitcointalk are Big forum have over 2.6 Million member need knowledge of management. And not necessary know about programming.
Manager can recruit people who have knowledge about it.
That is correct DroomieChikito! ;)

If @theymos does what I recommended to him here: https://bitcointalk.org/index.php?topic=5179950.msg52306296#msg52306296 and in PM then he never again would need to even think about that something bad happens to the server(s) of BitcoinTalk. In the current state BitcoinTalk is vulnerable. If he does what I recommended it will mitigate all types of attacks once and forever.

This topic will lose its relevance immediately: https://bitcointalk.org/index.php?topic=309785.msg3326091#msg3326091 meaning that no more bounty. Some regarding the forum and email can be still ongoing but he would need to rewrite the entire post.

Cheers!



I can't reply to your PM theymos :D I'm too new here... ::)
I got your PGP key. I will send you what you asked. Right now I'm busy with something else. I can assure you soon you will get the response in PM or in an encrypted email.

Is this yours?